信息网络安全 (Netinfo Security), 2015, Vol. 15, Issue (9): 6-9. doi: 10.3969/j.issn.1671-1122.2015.09.002

• Outstanding Papers •

Research on Web Intrusion Detection Module Based on Hybrid Framework

Ming ZHANG, Bo-yi XU, Fei XU

  1. National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China
  • Received: 2015-07-15 Online: 2015-09-01 Published: 2015-11-13
  • About the authors: Ming ZHANG (born 1990), male, from Shaanxi, master's student, main research interest: network security; Bo-yi XU (born 1963), male, from Liaoning, research fellow, master's degree, main research interest: network security; Fei XU (born 1981), male, from Chongqing, assistant research fellow, master's degree, main research interest: network security.

Abstract:

A Web intrusion detection system monitors Web access in real time and detects attacks against the Web promptly, which can effectively address the security problems the Web faces. This paper analyzes the advantages and shortcomings of current Web intrusion detection techniques and proposes a hybrid Web intrusion detection framework. The hybrid framework integrates a signature-based detection module and an anomaly-based detection module. The signature-based detection module is mainly used to detect known attacks whose features are easy to extract. The anomaly-based detection module is mainly used to detect unknown attacks that the signature-based module can hardly detect. The hybrid framework achieves a higher detection rate.

Key words: Web intrusion detection, hybrid framework, signature-based detection module, anomaly-based detection module

Chinese Library Classification (CLC) number: